RedKite
1.0.2
A Microsoft 365 incident response and investigation powershell module with a focus on email phishing attacks.
Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts.
The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CSV file that flags po
Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts.
The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CSV file that flags po
A Microsoft 365 incident response and investigation powershell module with a focus on email phishing attacks.
Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts.
The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CSV file that flags possible supicious activity, where further investigation may be required.
Checks include;
Delete or mark messages as read
Move messages to folders silently
Forward emails externally
Recent Mailbox Changes
Show more
Redkite is designed to check ExchangeOnline for common indicators of compromised email accounts.
The checks look at mailbox rules that are commonly put in place by malicious actors to obfuscate their activity. The data is provided in a CSV file that flags possible supicious activity, where further investigation may be required.
Checks include;
Delete or mark messages as read
Move messages to folders silently
Forward emails externally
Recent Mailbox Changes
Minimum PowerShell version
5.1
Installation Options
Owners
Copyright
(c) 2025 James Erskine. All rights reserved.
Package Details
Author(s)
- James Erskine
Tags
phishing exchange o365 compromised breach security inbox_rules audit forensics investigation forwarding
Functions
Write-Log Test-RequiredModules Start-Redkite Get-M365PhishIndicators
Dependencies
-
- ExchangeOnlineManagement (>= 3.0.0)
- Microsoft.Graph.Users (>= 2.0.0)
Release Notes
1.0.2
- Added automatic installation option for required modules.
- Improved handling of module dependencies and session imports.
- Updated module to import only specific Microsoft.Graph.Users component.
FileList
- RedKite.nuspec
- License.txt
- readme.md
- RedKite.psd1
- RedKite.psm1
- redkite2025.cer
- Redkite 1.0.0.1\License.txt
- Redkite 1.0.0.1\readme.md
- Redkite 1.0.0.1\RedKite.psd1
- Redkite 1.0.0.1\RedKite.psd1.bak
- Redkite 1.0.0.1\RedKite.psm1
- Redkite 1.0.0.1\redkite2025.cer